This carries forward a discussion [1] from the WebAuthN list that was off-topic there.
> Since Christiaan mentioned sshd, here are some notes on how to implement FIDO in sshd (should anyone be looking for a weekend project):
I came across that work as part of attempting my agent proof-of-concept. The corresponding patches didn't make progress upstream, and there isn't a clear path for making a better proposal for FIDO support in the SSH ecosystem.
Adding support to sshd for the existing FIDO signature format is a bit weird because it's not really a new key format (still ECDSA) but it would require support for a new signature format. Key and signature formats are generally a 1:1 concern in the world of SSH. Without support for signing arbitrary data, we're left with some unappealing options to leverage FIDO:
- We could allow people to publish their tokens as ECDSA (in the authorized keys file), but authentication would mysteriously fail on older sshd instances that support ECDSA keypairs but not FIDO-style signatures. This would confuse users.
- We could create a new key format that isn't really a new key format but just uses FIDO-compatible signatures. This would take 10+ years to roll out; even ECDSA isn't supported everywhere, particularly for cloud services that let you upload keys.
- We could extend the entire signing chain (from the agent on the client through verification within sshd) to support a prefix on the signed data in a more generic way. This would similarly take a long time to roll out and get adoption, as this also requires server and client changes.
Similar issues exist for other integrations that aren't greenfield uses of FIDO signatures. I suppose one answer is using a more traditional smart card (OpenPGP or PKCS#11), but both have cost and setup complexity issues that FIDO doesn't. We use OpenPGP-based smart cards for our employee SSH access, but it's not something I'd wish on anyone.